Add allow_world_readable_secrets option to config file #663

Merged

lx merged 1 commit from PicNoir/garage:nin/world-readable-conf-file into main-0.8.x

2024-01-15 15:20:16 +00:00

Author	SHA1	Message	Date
Félix Baylac Jacqué	f83fa02193	Add allow_world_readable_secrets option to config file All checks were successful continuous-integration/drone/pr Build is passing Details Sometimes, the secret files permissions checks gets in the way. It's by no mean complete, it doesn't take the Posix ACLs into account among other things. Correctly checking the ACLs would be too involving (see #658 (comment)) and would likely still fail in some weird chmod settings. We're adding a new configuration file key allowing the user to disable this permission check altogether. The (already existing) env variable counterpart always take precedence to this config file option. That's useful in cases where the configuration file is static and cannot be easily altered. Fixes #658 Co-authored-by: Florian Klink <flokli@flokli.de>	2023-10-26 18:25:13 +02:00

Author

SHA1

Message

Date

Félix Baylac Jacqué

f83fa02193

Add allow_world_readable_secrets option to config file

continuous-integration/drone/pr Build is passing

Details

Sometimes, the secret files permissions checks gets in the way. It's
by no mean complete, it doesn't take the Posix ACLs into account among
other things. Correctly checking the ACLs would be too involving (see
#658 (comment))
and would likely still fail in some weird chmod settings.

We're adding a new configuration file key allowing the user to disable
this permission check altogether.

The (already existing) env variable counterpart always take precedence
to this config file option. That's useful in cases where the
configuration file is static and cannot be easily altered.

Fixes #658

Co-authored-by: Florian Klink <flokli@flokli.de>

2023-10-26 18:25:13 +02:00